Hackers, Data Leaks …. Should I Worry about Industry 4.0?

Industry 4.0 sounds great, but it naturally has its risks as well – but few people care to talk about them. Instead of sweeping them under the carpet, though, we should be talking openly about them. I recently attended one such event which did just that.

Digitalisation of the industry is a big topic, so no wonder the crowd was quit big.

I was a local industry event, here in Germany, to get away from navel-gazing and to see what is happening outside the world of coatings. I was searching for inspiration on Industry 4.0. As it turned out, it wasn’t the latest robots and data glasses that impressed me the most, but rather the transparent way in which the issue of security was dealt with.

Small comapnies not safer than big ones

Patrick Smolka from HDI Global SE reported on experience from the perspective of an insurance company which hedges damages and losses of earnings through so-called "cyber insurance." He cautioned against the fallacy harboured by small and medium-sized companies that they are safe because hackers only target "the big guys." Ever since the WannaCry epidemic, everyone should be clear that this is an issue which needs to feature on every company’s agenda.

For example, Smolka reported on a case in which an SME was targeted by hackers who then issued invoices to customers in the name of the company. The point of his example was not to instil fear. Instead, it was to demonstrate that even if you don’t use a machine or a digital sensor and even if you operate a wholly analogue warehouse system, you still need to address the issue of digital security.

Data protection getting more important

Ulrich Herfurth talking about data protection and industry 4.0

Horror scenarios aside, there are plenty of other things to watch out for. Ulrich Herfurth, a lawyer at Herfurth & Partners, explained that there are data protection issues that must not be overlooked. It shouldn’t be forgotten, he said, that as soon as agitators and the like are hooked up to a server, data from the production process quickly become personally identifiable data of those employees working on the networked machines.

Herfurth therefore recommended that the data should be kept within Europe. The best thing to do is to utilise a server etc that does not belong to a US parent company – which effectively rules out cloud services from Amazon, Microsoft and their ilk. With the new European Data Protection Regulation coming into force next year, Herfurth warned that stiff fines are looming in the event of violations.

Safety and security

Prof. Lorenz Däubler from the University of Hanover painted an interesting scenario. So far, the subjects of cyber security, i.e. attacks from outside, and industrial safety, e.g. the risk of personal injury, have been treated in isolation. This needed to be re-considered, because ultimately it would be possible for malware programs from the outside to interfere with production on the inside. And even in those cases where there is no mains connection, traditional security concepts are ineffective on modern machines. For instance, the automatic shutdown devices currently in widespread use would be precisely the wrong countermeasure in the case of drones, as they would inexorably lead to a crash.

A natural response to all these points would be a mixture rejection and fear. But my impression was and remains that that would be the wrong response. There are countless examples of the benefits which can accrue from successful digitalisation and so I won’t bother listing any of them here. What I would contend, however, is that if these benefits are to bear fruit, each and every investment should be preceded by a proper risk analysis.

The digital industry keeps making strides forward. It wouldn’t do any harm for it to talk about the risks every now and then.